Liberty Alliance Project (hereinafter LAP) is aimed to develop a set of open technical specifications for web services. In this respect, LAP attempts to improve the use of web services by proposing a so-called Identity Web Services Framework (hereinafter Id-WSF) specifying the basis for privacy and security protection and, more specifically, LAP promotes and defines the Id-WSF for a permission-based attribute sharing.
Therefore, LAP distinguishes two classes of policies for carrying out said permission-based attribute sharing: policies established by the LAP processing components, namely component entities within the circle of trust, and policies established by individual Principals, namely the users. Other policies may be settled as well in accordance with applicable legislation. In short, LAP supports the sharing of user's attributes inasmuch as the user so permits.
Prior to discussing any existing techniques or trends to improve the use of web services by sharing users' attributes, the concept and scope of such users' attributes for LAP has to be clarified. On the one hand, an Attribute is understood under LAP as a distinct characteristic of a Principal, thus Principal's characteristics are said to describe the Principal. This definition of attribute made by Liberty harmonizes with the aim of a user's attribute as recited throughout this document, as well as with general interpretations made by the public, such as an attribute being a quality regarded as a natural or typical part of somebody or something, and also an attribute being an object recognized as a symbol of a person, or his position, or other personal details.
On the other hand, LAP goes beyond the attribute scope and introduces the concept of ‘Resource’ as either data related to some identity, or service acting on behalf of some identity; the former being a user's attribute in its most classical meaning, such as the user's postal address for example; the latter being a sort of abstraction derived from currently emerging services and facilities that may also characterize a user in interaction with other users, such as a user's calendar where user's appointments may interact with corresponding other-user's appointments. In particular, a user's calendar might be regarded as an exemplary user's attribute interesting to share with other users, for example, simply for appointment purposes, or for more sophisticated services such as the user booking at any time for dinner in a restaurant, and the restaurant making an appointment in the user's calendar as a confirmation of the booking later on. The user's attributes in the present document assume the distinction made by LAP and thus include a sort of identity-related attributes and a sort of service-related attributes for a particular user.
Currently existing techniques under LAP Id-WSF provide for a Discovery Service where each service provider, which hosts user's attributes, registers a sort of reference to the attributes, namely a so-called resource offering, and from where other service providers fetch such resource offering for further accessing the attribute. In particular, LAP designates the service provider carrying out the registration of a resource offering, and thus owning the attribute to be shared, as ‘attribute provider’ whereas any service provider fetching such resource offering is designated as ‘attribute requestor’. Nevertheless, currently existing literature also refers to an ‘attribute provider’ as a web service provider, whereas an ‘attribute requestor’ is referred to as a web service consumer.
In accordance with LAP Id-WSF proposals, a web service consumer wanting to access a user's attribute of a given user requests a corresponding resource offering from a Discovery Service. The Discovery Service provides the corresponding resource offering, which includes a reference to a web service provider hosting the user's attribute, to the web service consumer, which in turn addresses a corresponding query to the web service provider about the user's attribute fetched of the given user.
Upon such request from a web service consumer, the web service provider may, for the sake of security and privacy, initiate a procedure to ask for user's consent from the given user prior to sharing the requested use's attribute with the web service consumer, namely the attribute requestor.
This procedure may perfectly satisfy a quite general scenario where users enjoy of different web services and get advantages of new services that facilitate the user's way of life, such as the above examples showing the sharing of the user's calendar, booking in a restaurant, getting last minute flight tickets depending on the availability of the user shown in the user's calendar, and so on.
However, further scenarios are foreseeable where user's consent by the user owning the attributes may be a drawback rather than an advantage. For example, where the user whose user's attributes are requested for sharing is actually a minor, or a person with handicapped control capability, both requiring a sort of parental or tutorial control in their normal way of living.
One might think that this problem would never occur if no user's attribute is published with a resource offering for such people without a full decision capability, but such restriction might be even worse. The current way of life, and the natural evolution and trends suggest that more and more services are going to be incorporated into the normal people life in the form of interactive web services. For instance, medical services anywhere may require accessing to personal details of a minor, on vacation without parents or relatives, and who may require an urgent treatment. Such personal details would be hosted in a web service provider but the sharing of these particular data should be subject of approval by the parents.
Thereby, any person has the right, and should be given the opportunity, to have user's attributes in a web service provider for sharing with an ‘attribute requestor’, namely with a web service consumer, even if such person is not enabled to provide user's consent to share such user's attributes.
Another scenario where the sharing of attributes may require user's consent by a user different than the one owning the user's attributes is a corporation having a designated employee as the user in charge of approving subscriptions of other employees to specific web service providers.